diff --git a/src/console/src/accounts/impls.rs b/src/console/src/accounts/impls.rs
index 9578f1566..095ae96f9 100644
--- a/src/console/src/accounts/impls.rs
+++ b/src/console/src/accounts/impls.rs
@@ -1,4 +1,4 @@
-use crate::constants::E8S_PER_ICP;
+use crate::constants::{NO_CREDITS};
 use crate::types::state::{Account, OpenIdData, Provider};
 use ic_cdk::api::time;
 use junobuild_auth::openid::credentials::delegation::types::interface::OpenIdDelegationCredential;
@@ -74,7 +74,7 @@ impl Account {
             mission_control_id: None,
             provider: provider.clone(),
             owner: *user,
-            credits: E8S_PER_ICP,
+            credits: NO_CREDITS,
             created_at: now,
             updated_at: now,
         }
diff --git a/src/console/src/constants.rs b/src/console/src/constants.rs
index 76b93a25b..f0ac21d9f 100644
--- a/src/console/src/constants.rs
+++ b/src/console/src/constants.rs
@@ -18,6 +18,13 @@ pub const MISSION_CONTROL_CREATION_FEE_CYCLES: CyclesTokens =
 // A credit which can be used to start one satellite or one orbiter.
 pub const E8S_PER_ICP: Tokens = Tokens::from_e8s(100_000_000);
 
+// On Apr. 4, 2026, someone exploited the free tier to spin up free canisters.
+// They created roughly 60-70 identities to spin up the same number of canisters.
+// The rate limiter worked as expected — they had to wait a few minutes before creating more users.
+// Unfortunately, until further notice, credits must be requested on demand to prevent this
+// kind of abuse and protect the integrity of the Console.
+pub const NO_CREDITS: Tokens = Tokens::from_e8s(0);
+
 pub const RELEASES_METADATA_JSON: &str = "/releases/metadata.json";
 
 // Default freezing threshold to create Satellites and Mission Controls